Crypto and Ethics
If you search the web for articles on cryptocurrency, DeFi and ethics, most of what you’ll find is those saying: “Bitcoin has no intrinsic value and is evil”. Apart from falling into one of the two camps of propaganda surrounding cryptocurrencies (the other being libertarian decentralization maximalists), it doesn’t address a much more pressing question, namely … well … I’ll summarize it in the next paragraph while waving goodbye to the two cohorts of people that I have managed to offend with this one.
The question is this: in DeFi and cryptocurrencies, where is the line between good or acceptable behaviour, and bad or downright evil behaviour?
This question arose from thinking about and discussing my previous article with a few people. The article was on a scam masquerading as the source code for a front-runner bot, and I only looked at the mechanisms whereby the scammer’s code (that they claimed was a front-runner bot) looked like it was performing decentralized exchange arbitrage, while all along it was siphoning off funds provided to the contract by the person deploying and interacting with it.
What I didn’t look at or raise what the people being scammed were trying to do. And I missed an opportunity there that I am hoping to set right now.
The people being scammed were hoping to make a profit from front-running.
Two wrongs make a wrong
Clearly, scamming people by claiming: “here is an honest contract providing a service that does X, which may benefit you” (such as a decentralized exchange, a loan protocol, or a bridge), when actually all the contract does is Y, namely take deposited cryptocurrency or tokens and transfer them to the scammer, is wrong.
I also don’t have much sympathy for someone who follows a tutorial that claims: here is a contract that will steal crypto from other people and give it to you, when actually the contract steals crypto from them and gives it to a scammer.
Front-running falls in a dark-gray area. In traditional finance it has been illegal for a long time, and the regulation bodies out there come down like a ton of bricks on people who engage in it, because it is form of insider trading.
Some people, who typically side with the “code is law” approach to DeFi, think it is fine on a blockchain — after all, the information is public at the point that the transaction is copied and submitted with a higher gas fee to ensure it is executed first. If it runs, it’s valid.
Others think it is unfair to have rich front-running whales with sophisticated monitoring software swooping in and grabbing the profits off less fortunate crypto-traders.
And in fact, the Ethereum devs are putting a lot of work into trying to overcome front-running, sandwich attacks, miner extracted value, and other things that they see as “greatly diminishing the user experience and threatening the stability of the network”, in the same way that the SEC was initially set up to prevent insider trading and other trading activities that we as a community decided were unethical.
The kids are alright
There is a third group of miscreants, namely those who don’t know what they are doing, or haven’t thought through the implications. When I was much younger, I used to be one of them.
As an undergraduate I managed to do a few naughty things that got me fined and banned from the University computing systems for a while. At the time, as a young and curious man, I felt that this was all rather unjust. I wasn’t being purposely malicious. I was just exploring what the Cambridge networked computers could do — a bit like trying door handles to warehouses, walking around poking at a few things, but not taking anything. Where’s the harm in that?
As an older person who has had to deal with this kind of silliness on the other side of the firewall, I now understand that the officers at the computing systems department were right — the rules were written in the terms and conditions for getting an account, and what’s more, those rules were produced to prevent irresponsible undergraduates from wasting staff time and possibly accidentally causing irreparable damage.
Just because you can throw a rock through a window, doesn’t make it all right.
(Although I’m secretly still proud of the fact that I managed to crack their block on the `rfork` command using a complicated `rlogin` approach instead, but I wish it hasn’t disabled the Engineering department network of SPARCstations for a couple of days.)
Code is law is a bad idea
Nobody, not even the most experienced OG bearded sandal-wearing Unix guru, knows where the next flaw in software is going to come from, or how it can be exploited. And it’s the same in conventional law — society sets the rules and boundaries as to what is acceptable and what is not (sometimes even actually based on ethics) and then the boundaries are pushed. That’s why laws are extended and modified all the time, as are terms and conditions.
With smart contracts, the problem is that the code (generally speaking — there are exceptions) can’t be modified after it is deployed. And anyone who has worked in software for more than a year knows: the intent of the specification is never fully caught in the code released into production.
Furthermore, in conventional software, if you discover a bug, there are often bounties made available by the software vendor for revealing them to the development team. This rewards white-hat hackers for their efforts and insights. You could decide to become a black-hat hacker, but that involves getting tangled up in the criminal underworld, and significant risks in getting caught. A casual explorer of software isn’t going to do that.
The problem with DeFi smart contracts is that the amount of value locked up in them can be immense, dwarfing any bug bounties that are offered, and that value can be siphoned off without having to sell code to the Russian mafia, North Korea, or some other gang of undesirables. And there are tools such as Tornado available to disguise where the gains are going.
The people who suffer from such exploits are remote and dispersed. It’s like hacking into that computer services computer I described above — you don’t directly see the impact your actions have on others out there, but that doesn’t stop them existing, or getting hurt.
Don’t be evil
To recap — as I see it, there are three categories of people:
- Those who recognize there are good and evil actions you can take in the DeFi world, and choose the former.
- Those who knowingly chose the latter, putting profits ahead of decent behaviour.
- Those who aren’t mature enough to recognize where the line between good and evil is drawn in the above two cases.
Bootcamps and blockchain courses offer all sorts of instruction on software coding, cryptography, contract auditing and analysis, and testing. Sometimes they even include advice on sales, marketing, and project management.
I’ve yet to see one that offers a module or course section on ethics.
Perhaps it’s time that changed…
